Serviceteam IT Security News

FBI Issues Fortinet Flash Warning

The United States Federal Bureau of Investigation issued a flash warning Thursday over the exploitation of Fortinet vulnerabilities by advanced persistent threat (APT) groups.

According to the FBI, an APT actor group has "almost certainly" been exploiting a FortiGate appliance since at least May 2021 to access a web server hosting the domain for a US municipal government.

The APT actors may have established new user accounts on domain controllers, servers, workstations, and in Active Directory to help them carry out malicious activity on the network.

"Some of these accounts appear to have been created to look similar to other existing accounts on the network, so specific account names may vary per organization," said the FBI. However, the Feds warned organizations to be on the lookout for accounts created with the usernames "elie" or "WADGUtilityAccount".
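The account-creation indicators above lend themselves to a simple triage check for defenders. The following is an added example, not code from the article or the FBI alert: it scans constructed Windows Security event 4720 ("A user account was created") log lines for the two reported usernames and for new accounts that closely resemble an existing account without matching it, the "created to look similar" pattern the FBI describes. The log line format, the existing-account list and the similarity threshold are assumptions for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed sample lines modelled on Windows Security event 4720
# ("A user account was created"); not real log data.
SAMPLE_EVENTS = """\
2021-05-20T02:13:44Z DC01 EventID=4720 SubjectUserName=svc_backup TargetUserName=elie
2021-05-20T02:15:10Z DC01 EventID=4720 SubjectUserName=svc_backup TargetUserName=WADGUtilityAccount
2021-05-20T02:16:02Z DC01 EventID=4720 SubjectUserName=svc_backup TargetUserName=jsmlth
2021-05-21T09:00:00Z DC01 EventID=4720 SubjectUserName=helpdesk TargetUserName=mbrown
2021-05-21T09:05:00Z DC01 EventID=4724 SubjectUserName=helpdesk TargetUserName=mbrown
"""

# Existing directory accounts the new names are compared against (constructed).
EXISTING_ACCOUNTS = {"jsmith", "administrator", "svc_backup", "helpdesk", "krbtgt"}

# Account names the FBI flash asked organisations to look for (compared case-insensitively).
KNOWN_IOC_NAMES = {"elie", "wadgutilityaccount"}

EVENT_RE = re.compile(r"EventID=(?P<id>\d+).*?TargetUserName=(?P<target>\S+)")

def lookalike_of(name, existing, threshold=0.8):
    """Return the existing account `name` most resembles (but is not equal to), else None."""
    low = name.lower()
    best, best_ratio = None, 0.0
    for acct in existing:
        if acct.lower() == low:
            return None  # an exact match is a normal existing account, not a look-alike
        ratio = SequenceMatcher(None, low, acct.lower()).ratio()
        if ratio > best_ratio:
            best, best_ratio = acct, ratio
    return best if best_ratio >= threshold else None

def triage_account_creations(log_text, existing=EXISTING_ACCOUNTS):
    """Return (username, reason) for each 4720 event worth an analyst's attention."""
    findings = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m or m.group("id") != "4720":
            continue  # only account-creation events are of interest here
        target = m.group("target")
        if target.lower() in KNOWN_IOC_NAMES:
            findings.append((target, "matches FBI-reported account name"))
            continue
        twin = lookalike_of(target, existing)
        if twin:
            findings.append((target, f"resembles existing account {twin}"))
    return findings
```

Running `triage_account_creations(SAMPLE_EVENTS)` flags the two reported names plus `jsmlth` as a look-alike of `jsmith`, while the ordinary `mbrown` creation and the 4724 password-reset event are ignored.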

Once inside a network, the APT actors can conduct data exfiltration, data encryption, or other malicious activity.

The alert comes just one month after the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that APT actors had gained access to devices on ports 4443, 8443, and 10443 for Fortinet FortiOS CVE-2018-13379, and enumerated devices for FortiOS CVE-2020-12812 and FortiOS CVE-2019-5591.

The cyber-criminal activity appears to be focused on exploiting particular vulnerabilities rather than specific sectors, as the APT actors have been observed actively targeting a broad range of victims across multiple industries.

"The fact that we continue to see these legacy vulnerabilities being exploited in spite of these alerts is a cautionary tale that unpatched flaws remain a valuable tool for APT groups and cyber-criminals in general," commented Satnam Narang, staff research engineer at Tenable.

They added: "Unpatched vulnerabilities, not zero-days, are the biggest threat to most organizations today because it gets attackers to their end goal in the fastest and cheapest way. It is imperative that both public sector and private organizations that use the FortiGate SSL VPN apply these patches immediately to prevent future compromise."

Narang said that the risk posed by unpatched vulnerabilities was further heightened by the broad shift of the workforce to remote working over the past year.

Source: Infosecurity Magazine
